Policies overview
This section provides an overview of internal policies and links to each document.
Policy index
| Policy / Procedure |
Description |
| Access Control Policy |
Access to systems, applications, and cloud services; user lifecycle (joiner/mover/leaver). ISO/IEC 27001:2022 aligned. |
| Backup and Recovery Policy |
Backup scope, procedures, and recovery testing for AWS and critical systems. |
| Human Resource Security Procedure |
Onboarding and offboarding from an information security perspective. |
| Information Security Policy |
Management direction and principles for information security; roles, risk approach, cloud and third-party security. |
| Information Security Incident Management Procedure |
Reporting, handling, and improvement of information security incidents. |
| Supplier Security Management Policy |
Managing information security risk for cloud and AI suppliers (e.g., AWS, Anthropic). |
Categories
| Category |
Policies |
| Access & identity |
Access Control Policy, Human Resource Security Procedure |
| Operations & resilience |
Backup and Recovery Policy |
| Governance |
Information Security Policy |
| Incident & response |
Information Security Incident Management Procedure |
| Third party |
Supplier Security Management Policy |